Interpol said insufficient cyber hygiene continues to undermine cyber resilience across the continent, as many African organisations and individuals still show low levels of preparedness against cyberattacks.
Cyber hygeine: Imagine never cleaning where you eat. Eventually you will get sick. This is the status of cyber hygiene in South Africa. While South Africa has the relevant laws, they are mostly not enforced. In our DNS system. We see the .co.za sTLD weaponized against South African by folks in South Africa and from up north; Nigeria, Cameroon, Kenya and Uganda. This is done directly either via South African service providers, or via providers abroad like
domain register 1Api and it's resellers like Godaddy. Even if these domains are identified, they are left and not mitigated. Domain reported to the registrar and then ZARC in January, is still active, having victimized at least seven know victims since. Yet full evidence of fraud was supplied, also linked previous SAPS cases.
The report mentions CaaS, Crime as a Service. South Africa with it's mature internet infrastructure is abused for such purposes.
Then we have an overly invasive framework for reporting abuse. Complainants have to supply all their personal details to parties such as ISPA or ZARC. While the POPIA terms states that the data will only be processed to resolve the complaint, ISPA also states it may be shared with the ISPA member under the same terms.
Considering we have some of the CaaS actors that went on to create seemingly legitimate businesses, which in turn were bought out by bigger businesses, one can only wonder who might obtain your details, whether it's not possible that it may be the very party that designed 419 scam websites for his clients in South Africa and Nigeria.
A new host and registrar started by a web developer and SEO expert rapidly became problematic in terms of fraudulent clients. Upon closer scrutiny of their website, WebAfrica's terms and conditions, privacy policy and other content was found on this new entity's website. A query with WebAfrica confirmed they are not affiliated with them and was escalated to WebAfrica's legal department. This begs a few questions. An entrance fee to play does not guarantee honesty and ethics.
The past few years we have seen the calibre of criminals arrested in Johannesburg and South Africa. We have also seen SAPS members killed by criminal enterprise. So, requiring abuse reporters to provider all personal details for self evident abuse makes no sense, it simply puts a target on your back.
Consider that unwitting South Africans might be using these parties for their digital identity, that perhaps their private emails might be stored at such a provider until it's downloaded. Consider who you use carefully. Some strange things happen in South Africa.
This is by no means to say all South African hosts and registrars are of this calibre, their are some extremely upstanding fine ones in South Africa with great staff. They may cost a bit more, but at least you are assured that you get what you expect and maintain your privacy.
Unfortunately laws will not protect you when they are not enforced. Most of the consumer class cyber losses are considered petty crime, even though the amount might be staggering to the ordinary consumer. The crime will not get the same attention as a massive bank breach, or a minister's account that was breached. However, please do report cyber crime, each and every time. Statistics helps.
Please don't trust blindly. Assist your fellow South Africans who may not be as IT literate as you: They don't know what they don't know, it's not that they are stupid. South Africa has a very large anti-scam community whom we support. They assist in fighting pet scams, farming scams, RFQ scams, solar scams etc. Annually they warn thousands of fellow South Africans before they are scammed, also relaying back alerts to Australia, the US and Europe. In turn these other groups are also looking out for South Africa. There is great power in global community involvement paying it forward. Just remember, cyber criminals can be dangerous, never confront them. Spoiling their business puts you in danger.
In the video below, you will find some great statistics in the first part, the Global State of Scams, about how immune consumers consider themselves to be to scams. Yet you don't know what you don't know. Japan is wise.
Sign up with Google
